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(57) Abstract: A method of reducing credit card fraud including 
the steps of receiving credit card information including a credit card 
number from a person (14) wishing to make a transaction (28); re- 
ceiving a telephone call and verifying that the caller is the person 
(14) who supplied the credit card information (32); receiving au- 
thentication information by way of the telephone call (34); and us- 
ing the authentication information to retrieve a previously authenti- 
cated address for the person (38). By this method, a previously au- 
thenticated address (38) is obtained for the person (14) making the 
transaction. This acts as a safeguard against fraudulent transactions 
because should it transpire that the credit card number provided by 
the person (14) was not their credit card number, they can subse- 
quently be located using the previously authenticated address (38). 
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A METHOD AND SYSTEM FOR REDUCING THE RISK OF CREDIT CARD 

FRAUD 

Technical Field 

This invention relates to a method and system for 
5 reducing the risk of credit card fraud. 



Background to the Invention 

At the time a person opens a credit card account, they 
are usually required to prove their identity by providing 

10 evidence in the foinn of a passport, drivers licence or 

birth certificate or the like. They are also required to ' 
authenticate an address to be associated with the account 
and usually must prove that they are connected with the 
address by providing examples of correspondence that they 

15 have received at that address such as bank statements or 
utility bills. Once the creditworthiness of the person at 
the given address has been checked and the person has been 
approved, the persons connection with the address is 
verified by mailing the credit card to this address. 

20 Thereafter, this authenticated address is used as the 

mailing address for mail order products that are purchased 
using the credit card. This system ensures that, even if 
the credit card is used fraudulently, any goods ordered 
will be despatched to the true account holder. 

25 Some services may be purchased which do not need to be 

provided at the address of a credit card holder. For 
instance, certain internet based vendors offer services in 
return for payme.nt. The services may be used at a website 
and do not involve any delivery to a physical postal 

30 address. Thus, the above mechanism does not assist in 

preventing fraudulent use. For instance, a user may wish 
to purchase credit on an account set up with an internet 
vendor for the purpose of sending SMS messages from a 
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website, or gambling at an online casino. These vendors 
may accept payment by credit card for these services. A 
fraudulent user could pay for these services by providing 
details of a live credit card account of which they are 
5 not the account holder. 

There is a need for an arrangement which would 
ameliorate the above problem. 



Summary of the Invention 

10 In a first aspect the present invention provides a 

method of reducing credit card fraud including the steps 
of receiving credit card information including a credit 
card number from a person wishing to make a transaction; 
receiving a telephone call and verifying that the caller 

15 is the person who supplied the credit card information; 
receiving authentication information by way of the 
telephone call; and 

using the authentication information to retrieve a 
previously authenticated address for the person. 

20 B Y the above method, a previously authenticated 

address is obtained for the person making the transaction. 
This acts as a safeguard against fraudulent transaction 
because should it transpire that the credit card number 
provided by the person was fraudulent such as for instance 

25 by not being their credit card, they can subsequently be 
located using the previously authenticated address. 

A previously authenticated address is an address that 
has been previously authenticated as being connected with 
the person. The address may be authenticated such as by 

30 the person proving that they live at the address or 

otherwise have access to the address by providing items of 
mail received at that address such as utility bills, by 
providing evidence in the form of official correspondence 



I .1 

' t 

WO 03/025868 PCT/AU02/01269 

- 3 - 

received at that address or by providing evidence that 
they have received correspondence at that address sent by 
the organisation wishing to authenticate the address. 

The step of verifying that the caller is the person 
5 who supplied the credit information may include the step 
of receiving the credit card information from the person 
making the telephone call. If the person provides the 
credit card information during the telephone call then it 
can be deduced that the person providing the credit card 
10 information is the same person that is making the 
telephone call. 

The step of verifying that the caller is the person 
who supplied the credit card information may include the 
step of providing the person who supplied the credit card 
15 information with a security code; receiving a security 
code from the caller and matching the received security 
code with a supplied security code. The matching of 
security codes provides a simple way of correlating a 
person making a telephone call with the details they 
20 previously provided. Further, it ensures that they had 
access to the provided security code. 

The step of receiving authentication information by 
way of the telephone call may include the step of 
receiving caller line identification information 
25 transmitted with the telephone call. 

The step of receiving authentication information by 
way of the telephone call may include the step of 
receiving a user name and password from the caller. 

The method may further include the step of verifying 
30 that the previously authenticated address is substantially 
the same as an address associated with the credit card 
number; and accepting the transaction only if the 
verification is successful. 
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The method may further include the step of verifying 
that the previously authenticated address is substantially 
the same as an address associated with the telephone 
account that was used to make the telephone call; and 
5 accepting the transaction only if the verification is 
successful. 

An address is substantially the same as another 
address if it identifies the same physical location. For 
instance, if two addresses differ only in respect that one 

10 contains the term "street" and the other the abbreviation 
"st" then they identify the same physical location. 

If it can be verified that the person has previously 
authenticated an address that is the same as an address 
associated with either a telephone account to which the 

15 person has access or that is the same as an address 

associated with the credit card then this indicates that 
the person is in some way connected with the address. 
This reduces the risk of accepting a transaction from an . 
unauthorised person. 

20 Optionally, the step of verifying that the previously 

authenticated address is substantially the same as an 
address associated with the telephone account further 
includes the step of providing the previously 
authenticated address to a telephone account database 

25 controller and receiving an indication of whether a 
telephone address stored in the telephone database is 
substantially the same as the previously authenticated 
address. Some telephone companies do not give out 
addresses associated with telephone numbers upon request. 

30 They may, however, advise whether a supplied address is 

the same, or substantially the same, as an address stored 
in a telephone database which is under their control. 

Optionally, the credit card information includes an 
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address associated with the credit card number. 

Optionally, the step of receiving the credit card 
information is done by way of the person interacting with 
a computer user interface. 
5 Optionally, the computer user interface is provided 

at an internet website. 

In a second aspect the present invention provides a 
system for reducing credit card fraud including means for 
receiving credit card information including a credit card 

10 number from a person wishing to make a transaction; means 
for receiving a telephone call and verifying that the 
caller is the person who supplied the credit card 
information; means for receiving authentication 
information by way of the telephone call; and means for 

15 using the authentication information to retrieve a 
previously authenticated address for the person. 

The means for verifying that the caller is the person 
who supplied the credit card information may include means 
for providing the person who supplied the credit card 

20 information with a security code; means for receiving a 
security code from the caller and means for matching the 
received security code with a supplied security code. 

The means for receiving authentication information by 
way of the telephone call may include means for receiving 

25 caller line identification information transmitted with 
the telephone call. 

The means for receiving, authentication information by 
way of the telephone call may include means for receiving 
a user name and password from the caller. 

3 0 The system may further include means for verifying 

that the previously authenticated address is substantially 
the same as an address associated with the credit card 
number; and means for accepting the transaction only if 
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the verification is successful. 

The system may further include means for verifying 
that the previously authenticated address is substantially 
the same as an address associated with the telephone 
5 account that was used to make the telephone call; and 
means for accepting the transaction only if the 
verification is successful. • 

Optionally, the means for verifying that the 
previously authenticated address is substantially the same 
10 as an address associated with the telephone account 
further includes means for providing the previously 
authenticated address to a telephone account database 
controller and means for receiving an indication of 
whether a telephone address stored in the telephone 
15 database is substantially the same as the previously 
authenticated address . 

The credit card information may include an address 
associated with the credit card number. 

The means for receiving the credit card information 
2 0 may include a computer user interface. 

The computer user interface may be provided at an 
internet website. 

In a third aspect the present invention provides a 
computer program providing instructions for controlling a 
25 computing system to carry out a method according to the 
first aspect of the invention. 

In a fourth aspect the present invention provides a 
computer readable medium providing a computer program 
according to the third aspect of the invention. 

30 

Brief Description of the Drawings 

An embodiment of the present invention will now be 
described, by way of example only, with reference to the 
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accompanying drawings, in which: 

Figure 1 is a schematic view of an embodiment of a 
system for reducing the risk of credit card fraud 
according to the present invention; and 
5 Figure 2 is a flow chart illustrating the steps of an 

embodiment of a method of reducing the risk of credit card 
fraud according to the present invention. 



Detailed Description of the Preferred Embodiment 

10 Referring to Figure 1, a system 10 is shown including 

receiving means, in this example embodied in server 12. 
The server can receive credit card details from a person 
14 wishing to make a transaction over the internet 16. 
The person 14 can view an interface included in an 

15 internet website displayed on user interface 18. The 

software code required to display the interface is stored 
on server 12. This code may alternatively be stored on 
another computer connected to the internet. 

The person 14 has a telephone 24 which may be used to 

20 dial in to telephone gateway 26. This telephone may be 
either of a traditional land line telephone or a mobile 
telephone . 

The server 12 has access to a database of credit card 
information 20 and a database of telephone information 22. 

25 The credit card database would typically be operated and 
maintained by the credit card company responsible for the 
particular card. Indeed, a variety of credit card 
databases operated by various credit card companies are 
preferably accessible by the system. Similarly, the 

30 database of telephone information would typically be 
operated and maintained by a telephone company. 

Both the credit card database and the database of 
telephone information include details of previously 
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authenticated addresses associated with the respective 
credit card and telephone accounts. 

The system of the invention would typically be 
operated by a checking entity that performs security 
5 checks on behalf of a merchant. Operation of the system 
will now be described with reference to the method 
illustrated by Figure 2. Initially, at step 28 the person 
14 that desires to make a transaction provides their 
credit card information, including the address of the 

10 credit card, using the website interface. These details 
are received by receiving means embodied in server 12. 

At step 30, retrieving means embodied in server 12 
retrieves a previously authenticated credit card address 
associated with the credit card number from credit card 

15 database 20 . 

At step 32, verifying means embodied in server 12 
verifies that the address provided in the credit card 
information is substantially the same as the previously 
authenticated address obtained from credit card database 

20 20. This is done using a software routine running on 
server 12 which applies an algorithm to compare the two 
addresses that allows for minor variations in address 
format. For example, the term "street" is taken to match 
the common abbreviation "st" . If the addresses do not 

25 match then the method returns to step 28. If they do 
match the method proceeds to step 32. 

At step 32, providing means embodied in server 12 
provides a security code to person 14 by causing the 
security code to be displayed on their user interface. 

30 Further, the person is instructed to dial a telephone 
number, also provided by display on the user interface. 

At step 34, the person uses telephone 24 to dial into 
gateway 26..- Gateway 26 identifies the originating 
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telephone number of the telephone call from the caller 
line identification information that is transmitted at the 
time the telephone call is placed. The person is 
instructed by voice prompts to provide the security code 
5 with which they were provided at step 32. This may be 
done by manual entry using the telephone keypad, or by 
voice recognition techniques. Receiving means embodied in 
server 12 receives the security code that the person 14 
provides . 

10 At step 36, matching means embodied in server 12 

matches the security code provided by person 14 with a 
security code previously provided by the system. If the 
security code does not match the method returns to step 
34. If the security code does match the method proceeds 

15 to step 38. 

At step 38, verifying means embodied in server 12 
verifies that a telephone address stored in telephone 
database 22 and associated with the originating telephone 
number is substantially the same as the credit card 

20 address. This may be done by obtaining the telephone 

address from the database and comparing the addresses in 
the same manner as the previously described comparison of 
credit card addresses. Some telephone companies will not 
give out a telephone address when provided with only a 

25 telephone number. They may, however, confirm whether a 
provided address is substantially the same as an address 
stored in their telephone database and associated with a 
particular telephone number. If the addresses are 
substantially the same the method proceeds to step 42 and 

30 the transaction is accepted. If the addresses are not 

substantially the same the method proceeds to step 44 and 
the transaction is denied. 
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In the case of a person dialling into gateway 26 using 
a mobile telephone, additional verification may be made to 
allow for the fact that it is relatively easy to set up a 
mobile telephone account with, a fraudulent address such as 
5 in the case of a pre-paid mobile telephone account where 
the mobile phone operator does not require the person to 
authenticate their address at the time of setting up their 
account. For this reason, the system may require that a 
person who wishes to call in using a mobile telephone 
10 previously authenticates an address associated with that 
mobile telephone number. This can be done by providing 
copies of correspondence received at that address. The 
authenticated address is then retrieved and used as the 
telephone address for the purposes of assessing the 
15 transaction. 

The present invention has particular application for 
authenticating purchases for services which are not 
rendered at the address associated with the credit card. 
However, there is no reason why it could not be applied to 
20 authenticating purchases for physical goods being 
delivered to an address, for added security. 

The method and system of the invention can be used to 
authenticate purchases of: 

• Applying credit to an account at an internet based 
25 service which allows users to transfer money by 

email 

• Airline tickets being picked up at check- in 

• Paying for parking 

It can be seen that the above described method and 
30 system provide an improved way of reducing the risk of 

credit card fraud by verifying that a person is associated 
with an address associated with a credit card. 
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lt will be appreciated that, although described with 
reference to a transaction occurring over the internet, 
the invention is not limited to that use and can be used 
for transactions made over the telephone. 
5 The system is not limited, to databases including 

previously authenticated addresses relating to credit card 
or telephone accounts. Any database including previously 
authenticated address information can be used where that 
database includes details of the person. In one 
10 embodiment the system is operated for employees of a 

company and the company database of employee information 
is used to provide previously authenticated addresses. 
The validation information that is obtained from the 
person is their user name and password for accessing the 
15 company employee database. 

It will be appreciated that, although the specific 
embodiment of the method described above is carried out 
using computer systems, in other embodiments some human 
involvement may be used to perform the invention such as 
20 call centre operators. 

It will be appreciated that the above described 
embodiment is carried out using a combination of computer 
hardware and software. Any suitable computing system can 
be used such as networked computers or computers connected 
25 by dedicated connections. 

Any reference to prior art contained herein is not to 
be taken as an admission that the information is common 
general knowledge, unless otherwise indicated. 

Finally, it is to be appreciated that various 
3 0 alterations or additions may be made to the parts 

previously described without departing from the spirit or 
ambit of the present invention. 
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CLAIMS: 



1. A method of reducing credit card fraud including the 
steps of: 

5 receiving credit card information including a credit 

card number from a person wishing to make a 
transaction; 

receiving a telephone call and verifying that the 
caller is the person who supplied the credit card 
10 information; 

receiving authentication information by way of the 
telephone call; and 

using the authentication information to retrieve a 
previously authenticated address for the person. 

15 2 . A method according to claim 1 wherein the step of 

verifying that the caller is the person who supplied 
the credit information further includes the step of 
receiving the credit card information from the person 
making the telephone call. 

2 0 3. A method according to claim 1 wherein the step of 

verifying that the caller is the person who supplied 
the credit card information further includes the step 
of providing the person who supplied the credit card 
information with a security code; receiving a 

25 security code from the caller and matching the 

received security code with a supplied security code. 

4. A method according to any preceding claim wherein the 
step of receiving authentication information by way 
of the telephone call further includes the step of 

30 receiving caller line identification information 

transmitted with the telephone call. 

5 . A method according to any preceding claim wherein the 
step of receiving authentication information by way 
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of the telephone call further includes the step of 
receiving a user name and password from the caller. 

6. A method according to any preceding claim wherein 
further including the steps of verifying that the 

5 previously authenticated address is substantially the 

same as an address associated with the credit card 
number; and accepting the transaction only if the 
verification is successful. 

7 . A method according to any one of claims 1 to 5 
further including the steps of verifying that the 
previously authenticated address is substantially the 
same as an address associated with the telephone 
account that was used to make the telephone call; and 
accepting the transaction only if the verification is 

15 successful. 

8. A method according to claim 7 wherein the step of 
verifying that the previously authenticated address 

• is substantially the same as an address associated 
with the telephone account further includes the steps 

20 of providing the previously authenticated address to 

a telephone account database controller and receiving 
an indication of whether a telephone address stored 
in the telephone database is substantially the same 
as the previously authenticated address. 

25 9. A method according to any preceding claim wherein the 
credit card information includes an address 
associated with the credit card number. 

10. A method according to any preceding claim wherein the 
step of receiving the credit card information is done 
by way of the person interacting with a computer user 
interface. 

11. A method according to claim 10 wherein the computer 
user interface is provided at an internet website. 



30 



WO 03/025868 PCT/AU02/01269 

- 14 - 

12. A system for reducing credit card fraud including: 

means for receiving credit card information including 
a credit card number from a person wishing to make a 
transaction; 

5 means for receiving a telephone call and verifying 

that the caller is the person who supplied the credit 
card information; 

means for receiving authentication information by way 
of the telephone call; and 
10 means for using the authentication information to 

retrieve a previously authenticated address for the 
person. 

13 . A system according to claim 12 wherein the means for 
verifying that the caller is the person who supplied 

15 the credit card information includes means for 

providing the person who supplied the credit card 
information with a security code; means for receiving 
a security code from the caller and means for 
matching the received security code with a supplied 

20 security code. 

14. A system according to either claim. 12 or claim 13 
wherein the means for receiving authentication 
information by way of the telephone call includes 

. means for receiving caller line identification 
25 information transmitted with the telephone call. 

15. A system according to any one of claims 12 to 14 
wherein the means for receiving authentication 
information by way of the telephone call includes 
means for receiving a user name and password from the 

30 caller, 

16. A system according to any one of claims 12 to 15 
further including means for verifying that the 
previously authenticated address is substantially the 



WO 03/025868 PCT/AUO 2/0 1269 

- 15 - 

same as an address associated with the credit card 
number; and means for accepting the transaction only 
if the verification is successful, 

17. A system according to any one of claims 12 to 15 
5 further including means for verifying that the 

previously authenticated address is substantially the 
same as an address associated with the telephone 
account that was used to make the telephone call; and 
means for accepting the transaction only if the 
10 -verification is successful. 

18. A system according to claim 17 wherein the means for 
verifying that the previously authenticated address 
is substantially the same as an address associated 
with the telephone account further includes means for 

15 providing the previously authenticated address to a 

telephone account database controller and means for 
receiving an indication of whether a telephone 
address stored in the telephone database is 
substantially the same as the previously 

20 authenticated address. 

19 . A system, according to any one of claims 12 to 18 
wherein the credit card information . includes an 
address associated with the credit card number. 

20. A system according to any one of claims 12 to wherein 
25 the means for receiving the credit card information 

includes a computer user interface. 

21. A' system according to claim 20 wherein the computer 
user interface is provided at an internet website. 

22. A computer program providing instructions for 

30 controlling a computing system to carry out a method 

according to any one of claims 1 to 11 . 
23 . A computer readable medium providing a computer 
program according to claim 22 . 
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